Course info

Level

Intermediate

Updated

Dec 12, 2018

Duration

4h 12m

Description

Protecting information assets is the primary goal of an information security program, and information security management provides the oversight for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective information security program, considering the organization’s mission, goals, infrastructure, and people. In this course, Information Security Manager: Information Security Program Management, you'll gain solid foundational knowledge on the program management aspect of security, as well as skills you can use to effectively protect assets in your organization. First, you'll learn how to develop internal governance, such as security policies, manage people and technology processes, and how to maintain an information security training program. Next, you'll explore how to audit third-party agreements and contracts. Finally, you'll discover how to monitor the performance of the information security program and report that information to the various stakeholders in the organization. By the end of this course, you'll be well-versed in information security program management and how it affects the organization’s information security assets.

About the author

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.

Section Introduction Transcripts

Course Overview

Hi everyone. My name is Bobby Rogers, and welcome to the Information Security Manager: Information Security Program Management course. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the U.S. government, specializing in cyber risk management. You've all seen the headlines in the news about data breaches and information technology incidents. Have you ever wondered how these things happen, and why some people just don't secure their networks? Even if it's a security flaw in the system, you can almost always trace the problem back to a lack of security program management in the organization. That's why we've produced this course that covers how to manage an information security program in your organization. We're going to talk about the major things you need to know in order to effectively manage all the aspects of information security within your company or business. Some of the major topics that we will cover include security processes, managing security resources, security governance, and metrics. By the end of this course, you'll understand what it takes to manage information security in a business, and how critical that role is in protecting data and systems from a variety of potential security risks. Before beginning the course, you should be familiar with basic security concepts and terminology such as confidentiality, integrity, and availability, as well as authentication and authorization concepts. I hope you'll join me on this journey to learn security management with the Information Security Manager: Information Security Program Management course from Pluralsight.

Managing Security Resources

In this module, we're going to look at how we manage our security resources and budget. Now keep in mind that resources are not just money. Of course, we have those concerns with money, we're concerned with income, revenue, profit, loss, expenses, and so on, but resources are more than that. Resources include people, equipment, facilities, and even data, and we're going to talk about all those resources during this course. So what are we going to discuss during this module? Well, we're going to learn about several things. We're going to learn about the budget and how that affects security resources. We're also going to learn about how we might report our resource usage to management. We're going to get security requirements from both inside the organization and inside the security program that we must meet. So we have to know how to employ these resources, how to use resources to meet these requirements. And finally, we're going to look at emerging technologies, and this is because from a long-term resource perspective our infrastructure is going to wear out, it's going to require repairs, and it's going to be subject to obsolescence. It also may not be able to counter the growing threat every day. The threats it protects us against today, it may not protect us against tomorrow, so we need to look at newer and emerging technologies to help keep up with the threat landscape, but also keep our infrastructure running. We're going to talk about all of these things during this module, so let's get started.